PayPal and Mailpile, the scrappy secure mail startup ended the week on a high note: hugging it out (via Twitter) after the online payments behemoth froze more than $40,000 in payments to the crowd-funded startup then donated $1,000 to the project, to boot. But making it right with the tiny secure email firm is just the beginning of the story at PayPal, which is making the whole mix-up as something of an object lesson in how it needs to change to address a fluid and fast-moving online payments market. First, some background: Mailpile, of Reykjavík, Iceland, has raised more than $145,000 in a month-long campaign on the crowd funding web site Indiegogo.com to build a “fast, web-mail client with user-friendly encryption and privacy features.” Beginning on Saturday, PayPal froze more than $40,000 of those donations, suspecting fraud. The company’s spokespeople told company executive Brennan Novak that it wanted to see […]
Tag: Policy
U.S. Cyber Security Framework Is Good News-For Hackers
Ralph Langner, the renowned expert on the security of industrial control- and SCADA systems, warns that the latest draft of the U.S. Government’s Cyber Security Framework (CSF) will do little to make critical infrastructure more resistant to devastating cyber attacks. Writing on his blog, Langner said that a draft of the National Institute of Standards and Technology’s (NIST’s) Preliminary Cybersecurity Framework does little to compel critical infrastructure owners to improve the security of their systems, or guarantee uniform (and robust) cyber security standards in the critical infrastructure space. NIST released the latest draft of the CSF late last month (PDF). But Langner, writing on Wednesday, likened the framework to a recipe that, if used by three different chefs, produces three totally different dishes…or just a messy kitchen. “A less metaphorical words, a fundamental problem of the CSF is that it is not a method that, if applied properly, would lead to predictable results,” […]
That ARM-Sensinode Buy: What Does It Mean For Security And IoT?
We wrote last week about the decision of chip-maker ARM to buy the small(ish) Finnish software maker Sensinode Oy, which has become a big player in the market for software that runs low power devices like embedded sensors. The deal makes sense at the 100,000 foot level – ARM makes chips that power embedded devices, Sensinode makes the software that is powered by them. Perfect. But the deal actually works at a bunch of different levels, as I learned from a conversation with Michael Koster, the co-founder and lead architect at the group The Open Source Internet of Things (OSIOT). Koster is an authority on The Internet of Things and has helped create open-source toolkits and APIs that promote interaction among intelligent devices. Koster said that ARM’s purchase of Sensinode is as much about both firms’ investment in emerging IoT standards for low-powered, intelligent devices like Constrained Application Protocol (CoAP) […]
Privacy: From Right To Fight
As more and more of our public and private spaces are equipped with remote sensing and surveillance technology, personal privacy – at least as it has been understood for the last two or three centuries – is endangered. The solution, of course, is through improved privacy legislation and, perhaps, a more expansive reading of the U.S. Constitution’s 4th Amendment protecting against search and seizure. But, with policymakers in Washington D.C. stuck in a rut, and many EU nations as hooked on surveillance as the U.S., the onus falls to individuals to do what they can. That’s the subject of my latest column for ITWorld, where I talk about what is likely to be the next stage in our society’s rapid evolution on matters of privacy and security, what I’ve termed “The Jamming Wars.” Like other social movements, this will be fueled by a growing rift between the law and a […]
Microsoft Set To Pay First Bug Bounty For IE Hole
Weeks after launching its first, formal bug bounty program, Microsoft is set to issue its first monetary reward, according to a blog post by Katie Moussouris, the Senior Security Strategist at Microsoft’s Security Response Center (MSRC). Writing on Wednesday, Moussouris said that the company has received “over a dozen” submissions since it launched the paid bounty program on June 26, and that “I personally notified the very first bounty recipient via email today that his submission for the Internet Explorer 11 Preview Bug Bounty is confirmed and validated. (Translation: He’s getting paid.)” Last month, Microsoft announced its new policy to pay for information about serious vulnerabilities in its products. The company had long maintained that it provided other kinds of rewards for information on software holes – mostly recognition and jobs – and didn’t need to offer bounties, as firms like Google, The Mozilla Foundation and Facebook do. In launching the new […]
